CVE-2020-11902
published 2020-06-17CVE-2020-11902: The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
PriorityP347high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
EPSS
9.28%
94.7th percentile
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| treck | tcp_ip | < 6.0.1.66 | 6.0.1.66 |
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Treck TCP/IP Stack (Update I)
cisa_ics·2024-09-19·CVSS 10.0
[CRITICAL] Treck TCP/IP Stack (Update I)
ICS Advisory
##
Treck TCP/IP Stack (Update I)
Last RevisedSeptember 19, 2024
Alert CodeICSA-20-168-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Treck Inc.
- Equipment: TCP/IP
- Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control
CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify
Palo Alto
PAN
vendor_paloalto·2020-07-08·CVSS 9.8
CVE-2013-7459 [CRITICAL] PAN
PAN
The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful
CVEs: CVE-2013-7459, CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-16402, CVE-2020-11022, CVE-2020-11023, CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
Affected products: PAN-OS
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco·2020-06-17
CVE-2020-11896 [CRITICAL] CWE-20 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco
CVE-2020-11902 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
CVE-2020-11902: Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
CWE: CWE-20, CWE-20
Bug IDs: CSCvu68945, CSCvu68945, CSCvu68945, CSCvu68945
GHSA
GHSA-gwj4-85g2-26g9: The Treck TCP/IP stack before 6
ghsa_unreviewed·2022-05-24
CVE-2020-11902 [HIGH] GHSA-gwj4-85g2-26g9: The Treck TCP/IP stack before 6
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
No detection rules found.
No public exploits indexed.
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.com
2020-06-17
Published